On 3/5/2025 4:27 AM, Mimi Zohar wrote:
On Wed, 2025-03-05 at 20:08 +0800, Baoquan He wrote:
On 03/04/25 at 11:03am, steven chen wrote:
Carrying the IMA measurement list across kexec requires allocating a
buffer and copying the measurement records. Separate allocating the
buffer and copying the measurement records into separate functions in
order to allocate the buffer at kexec 'load' and copy the measurements
at kexec 'execute'.
This patch includes the following changes:
I don't know why one patch need include so many changes. From below log,
it should be split into separate patches. It may not need to make one
patch to reflect one change, we should at least split and wrap several
kind of changes to ease patch understanding and reviewing. My personal
opinion.
Agreed, well explained.
Mimi
- Refactor ima_dump_measurement_list() to move the memory allocation
to a separate function ima_alloc_kexec_file_buf() which allocates
buffer of size 'kexec_segment_size' at kexec 'load'.
- Make the local variable ima_kexec_file in ima_dump_measurement_list()
a local static to the file, so that it can be accessed from
ima_alloc_kexec_file_buf(). Compare actual memory required to ensure
there is enough memory for the entire measurement record.
- Copy only complete measurement records.
- Make necessary changes to the function ima_add_kexec_buffer() to call
the above two functions.
- Compared the memory size allocated with memory size of the entire
measurement record. Copy only complete measurement records if there
is enough memory. If there is not enough memory, it will not copy
any IMA measurement records, and this situation will result in a
failure of remote attestation.
Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Signed-off-by: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: steven chen <chenste@xxxxxxxxxxxxxxxxxxx>
I will split this patch into the following two patches:
ima: define and call ima_alloc_kexec_file_buf
ima: copy measurement records as much as possible across kexec
Thanks,
Steven
